Skip to main content
CVE-2025-43529 HIGH KEV PATCH THREAT Act Now

WebKit arbitrary code execution via use-after-free memory corruption affects Safari 26.2, iOS/iPadOS 18.7.3 through 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, and watchOS 26.2, allowing remote attackers to execute arbitrary code by convincing users to visit malicious websites. This vulnerability is confirmed actively exploited (CISA KEV) in extremely sophisticated targeted attacks against specific individuals on iOS versions prior to iOS 26, per Apple's security bulletin. EPSS score of 0.12% (32nd percentile) significantly understates real-world risk given confirmed exploitation. Related vulnerability CVE-2025-14174 was issued for the same exploitation campaign, suggesting a complex attack chain targeting Apple ecosystem users.

Apple Use After Free RCE Memory Corruption Red Hat +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-53908 HIGH POC This Week

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-68429 HIGH PATCH This Week

Information disclosure in Storybook for Node.js versions 7.0.0 through 10.1.9 exposes environment variables from `.env` files when using `storybook build` command. Unpatched projects building Storybook in directories containing `.env` files risk bundling sensitive credentials into publicly viewable artifacts. Unauthenticated attackers accessing published Storybook bundles can extract secrets from source code. Runtime dev mode, CI builds using platform environment variables, and co-located applications remain unaffected. No public exploit identified at time of analysis.

Information Disclosure Storybook Red Hat
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-14101 HIGH This Week

Authorization bypass in GG Soft PaperWork versions 5.2.0.9427 through 6.0 allows authenticated remote attackers to access or modify resources belonging to other users by manipulating user-controlled identifiers (IDOR). The flaw was reported through Turkey's USOM/TR-CERT, and no public exploit identified at time of analysis. With an EPSS score of 0.04% (12th percentile), opportunistic mass exploitation appears unlikely, though targeted abuse within deployed environments remains realistic.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy